KUBE_CONTROLLER_MANAGER_OPTS="
  --secure-port=10257 \
  --bind-address=127.0.0.1 \
  --kubeconfig={{ KUBERNETES_CONFIG_PATH }}/kube-controller-manager.kubeconfig \
  --service-cluster-ip-range={{ SERVICECLUSTERIPRANGE }} \
  --cluster-name=kubernetes \
  --cluster-signing-cert-file={{ PKI_PATH }}/ca.pem \
  --cluster-signing-key-file={{ PKI_PATH }}/ca-key.pem \
  --allocate-node-cidrs=true \
  --cluster-cidr={{ CLUSTERCIDR }} \
  --root-ca-file={{ PKI_PATH }}/ca.pem \
  --service-account-private-key-file={{ PKI_PATH }}/ca-key.pem \
  --leader-elect=true \
  --feature-gates=RotateKubeletServerCertificate=true \
  --controllers=*,bootstrapsigner,tokencleaner \
  --horizontal-pod-autoscaler-sync-period=10s \
  --tls-cert-file={{ PKI_PATH }}/kube-controller-manager.pem \
  --tls-private-key-file={{ PKI_PATH }}/kube-controller-manager-key.pem \
  --use-service-account-credentials=true \
  --v=2"
